US8553700B1 - Method and system for facilitating packet-based communications - Google Patents
Method and system for facilitating packet-based communications Download PDFInfo
- Publication number
- US8553700B1 US8553700B1 US12/626,509 US62650909A US8553700B1 US 8553700 B1 US8553700 B1 US 8553700B1 US 62650909 A US62650909 A US 62650909A US 8553700 B1 US8553700 B1 US 8553700B1
- Authority
- US
- United States
- Prior art keywords
- request
- initiation message
- destination
- message
- address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Definitions
- SIP SESSION INITIATION PROTOCOL
- VoIP voice over packet
- VoIP is a process of sending voice or video signals over the Internet or other communications networks, such as intranets. If the telephone signal is in analog form (voice or fax), the signal is first converted to a digital form. Packet-routing information is then added to the digital voice signal so the voice signal can be routed through the Internet or other data networks.
- SIP can be used in instant-messaging (IM) or other real-time collaboration applications and in “presence” applications, such as “buddy lists.”
- SIP may work in concert with other protocols and is involved in the signaling portion of a communication session.
- SIP acts as the carrier for Session Description Protocol (SDP), which describes the media content of a session.
- SDP describes, for example, what IP ports to use and the codec being used during a particular session.
- SIP sessions are control sessions for packet streams of Realtime Transport Protocol (RTP).
- RTP is the carrier for the actual voice or video content in itself.
- SIP-compliant services are still immature in many ways. As a result, the tools and techniques that have been developed over the years to secure and protect many other IP based services have not yet become available to SIP-compliant services. So while SIP-compliant services inherit many of the vulnerabilities of being an IP based service, few protections afforded other IP based services are enjoyed.
- DOS denial of service attacks
- One exemplary DOS attack utilizes a hostile machine creating forged (spoofed) messages that appear to originate from legitimate senders. The hostile machine sends the spoofed messages to a targeted destination. With a sufficiently large number of spoofed messages, the target's phone (or data) services become clogged and rendered inoperable.
- the SIP standard does specify a method for authenticating messages, the built-in authentication mechanisms are not generally used because they are costly in terms of processing power required and can cause additional problems such as increased call set up times.
- a successful DOS attack may result in crashing a particular SIP element.
- the phone When dealing with a phone, the phone may no longer accepts user input and no longer be unusable.
- the SIP element may enter a reboot cycle as a result of the DOS attack and/or the element may require manual intervention to bring the element back online.
- Successful DOS attacks may also result in the inability of the element to process additional calls since the element is flooded with malicious SIP messages and cannot process valid messages.
- the DOS attack makes service unavailable to legitimate users, who will typically experience a busy signal or “dead air.”
- a successful DOS attack often results in degradation in the voice quality of the service. This degradation is due, in part, to a decrease in available band-width and processor resources.
- Voice quality can be measured by a Mean Opinion Score (MOS) and typical DOS attacks may result in a decreased MOS from acceptable to unacceptable, where 2.5 is considered the minimum acceptable MOS.
- MOS Mean Opinion Score
- the present invention solves at least the above problems by providing a system and method for validating messages.
- the present invention has several practical applications in the technical arts including decreasing network downtime because a lesser portion of the network is affected by malicious attacks. Further, by preventing malicious attacks, increasing overall voice quality over the network.
- the present invention provides a method for facilitating a packet-based communications call, comprising, first, receiving a request to connect to a destination described by a first target, the first target including a user-identification parameter and a domain parameter. Second, using the target, generating a second target associated with the first target. Finally, permitting the request to be fulfilled if the request is associated with the second target.
- the present invention provides a method for communicating data using a text-based protocol, comprising, first, receiving a request to communicate data to a destination address including a user-identification parameter and a domain parameter. Second, generating a string without user interaction that is associated with the destination address. Finally, permitting the request to be fulfilled if the request is verified to be associated with the string.
- the present invention provides a method for communicating data using a text-based protocol.
- the method comprises, first, receiving a request to communicate data to an original destination address which includes a user-identification parameter and a domain parameter. Second, deriving a modified address that is associated with the original destination address. Finally, permitting the request to be fulfilled if it is verified to be associated with the original destination request.
- the present invention provides a method for validating messages using a text-based protocol that establishes, modifies or terminates multimedia sessions in a telecommunications system having end-points compliant with the text-based protocol communicating with endpoints compliant with the text-based protocol.
- the method comprises receiving at end-points text based-initiation messages from an initiating party.
- the structure of each session initiation message includes a target identifier and a call identifier.
- Next, based on the call identifier indicating whether each session initiation message is an initial message or redirected message. If the message is an initial message, then appending a portion of the initial message target identifier and returning to the initiating party a redirect message having the appended portion of the initial message target identifier.
- the session initiation message is a redirected message, then determining whether the redirected message includes the appended portion of the corresponding initial message target identifier, and, based on the determination, forwarding the redirected message to a proper endpoint.
- a method for validating messages using a text-based protocol that establishes, modifies or terminates multimedia sessions in a telecommunications system having end-points communicating with other endpoints compliant with said text-based protocol.
- This method comprises, first, receiving at the end-points session initiation messages from an initiating party.
- the structure of each session initiation message includes a target identifier and a call identifier.
- a method for validating messages using a text-based protocol that establishes, modifies or terminates multimedia sessions in a telecommunications system having text-based compliant endpoints communicating with other text-based compliant endpoints.
- the method comprises receiving at one of the endpoints session initiation messages from an initiating party.
- the structure of each session initiation message includes a target identifier and a call identifier and based on the call identifier, determining whether each session initiation message is an initial message or a redirected message. If the message is an initial message, then modifying the content of the initial message target identifier to generate a modified target identifier and returning to the initiating party a redirect message having the modified target identifier. Finally, forwarding each redirected message to a recipient associated with the modified target identifier.
- a method which comprises receiving first messages from an initiating party.
- the first messages include a target string and a call string and based on the call string, identifying second messages from the one or more first messages.
- forwarding the third messages having the unique target string to a recipient identified in the second message based on the association of the unique target string to the unique identification string in the data structure.
- a method for validating text-based protocol compliant multimedia sessions in a communications-networking environment.
- the method comprises receiving a set of first messages that include a target string and a call string and based on the call string, identifying a set of second messages from the set of first messages. Modifying characteristics of the target string to form a unique associated target string for each second message that is an initial message. Modifying the characteristics includes using the characteristics to create derived characteristics. Next, returning a third message having the associated target string. Finally, transmitting each first message having the associated target string.
- a method for message validation in a network.
- the method comprises sending one or more text-based protocol messages that include a target string and a call string.
- an intermediary validation device identifying initial session initiation messages from the sent messages. For each message that is an initial session initiation message, inserting characteristics into the target string to form an associated target string and returning a redirected session initiation message having the associated target string.
- passing initiation messages having the associated target string to a recipient identified in the target string of the initial session initiation message.
- a validation system for use in data communication networks supporting text-based protocol.
- the system comprises a terminal endpoint device in communication with an initiating endpoint device.
- the system includes an intermediary component coupled to the terminal endpoint and authenticates communication from the initiating endpoint to the terminal endpoint.
- FIGS. 1A-1E are exemplary embodiments of communications paths
- FIGS. 2A and 2B illustrates exemplary embodiments of a request line
- FIG. 3 illustrates an embodiment of a communications path of the present invention illustrating placement of an intermediary device for validation of messages
- FIG. 4 illustrates an overview of an embodiment of a method for validating incoming messages
- FIG. 5 illustrates exemplary embodiments of multiple header fields in relation to FIG. 4 ;
- FIG. 6 illustrates a block diagram of an embodiment of a method for validating messages
- FIGS. 7-13 illustrate several exemplary embodiments for generating a properly encoded message according to step 618 of FIG. 6 .
- the present invention provides a system and method for validating SESSION INITIATION PROTOCOL messages (SIP) through the use of a novel validation method.
- validation may incorporate modifying or amending properties in a SIP message to generate a unique validation characteristic. This characteristic may be used to access the legitimacy of the message to prevent hostile attacks, such as a DOS attack, directed toward a recipient or recipients of the message.
- embodiments of the present invention may be used in connection with various protocols, including text-based protocols, such as SIP, MGCP (Media Gateway Control Protocol), and NCS (Network based Call Signaling).
- text-based protocols such as SIP, MGCP (Media Gateway Control Protocol), and NCS (Network based Call Signaling).
- SIP Session Initiation Protocol
- MGCP Media Gateway Control Protocol
- NCS Network based Call Signaling
- the present invention may be embodied as, among other things: a method, system, or computer-program product. Accordingly, the present invention may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware. In one embodiment, the present invention takes the form of a computer-program product that includes computer-useable instructions embodied on one or more computer-readable media.
- Computer-readable media include both volatile and nonvolatile media, removable and nonremovable media, and contemplates media readable by a database, a switch, and various other network devices.
- Network switches, routers, and related components are conventional in nature, as are means of communicating with the same.
- computer-readable media comprise computer-storage media.
- Computer-storage media include media implemented in any method or technology for storing information. Examples of stored information include computer-useable instructions, data structures, program modules, and other data representations.
- Computer-storage media include, but are not limited to RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile discs (DVD), holographic media or other optical disc storage, magnetic cassettes, magnetic tape, magnetic disk storage, and other magnetic storage devices. These memory components can store data momentarily, temporarily, or permanently. Combinations of the above are included within the scope of computer-readable media.
- SIP can be used in communication sessions using, for example, VoP and instant-messaging (IM) applications.
- a user located at either an initiating or receiving endpoint may be termed a user agent (UA).
- a UA comprises a user agent client (UAC), which generates requests and a user agent server (UAS) which responds to requests.
- UAC user agent client
- UAS user agent server
- a UA comprises both a UAC and a UAS.
- SIP doesn't define what a session is, but rather is concerned with the initiation, modification, and termination of a session. Initiating a session requires determining where the recipient UA is actually residing at the particular moment.
- a user may have a PC at work, a PC at home, and an IP phone at a lab.
- SIP delivers a description of the session to which the recipient UA is invited.
- SIP itself does not know the details of the session, however, SIP does convey information about the protocol used to describe the session. SIP does this through the use of Multipurpose Internet Mail Extensions (MIME), widely used in web and e-mail services to describe content (HTML, audio, video, etc.).
- MIME Multipurpose Internet Mail Extensions
- the most common protocol used to describe sessions is the Session Description Protocol (SDP), described in request for comments (RFC) 2327 published by the Internet Engineering Task Force (IETF) and incorporated herein by reference.
- SIP is based on a request-response paradigm, and is described in further detail in RFC 3261, incorporated herein by reference. Exemplary communication paths illustrating SIP sessions are described in greater detail in FIGS. 1A-1E .
- SIP sessions comprise a series of requests, which include header fields and a request line. Header fields comprise “To,” “From,” “Cseq,” “Call-ID,” “Contact,” and “Via” fields, which will be described in greater detail in relation to FIG. 5 .
- Request lines comprise a method (SIP, HTTP, MGCP “Media Gateway Control Protocol,” etc.) and request address. Request lines may, in some embodiments, be termed a target or destination string.
- request addresses may be referred to in the art as either a universal resource locator (URL) or a universal resource indicator (URI).
- URL universal resource locator
- URI and URL refer to a request address.
- request addresses may be referred to as strings or identifiers.
- An exemplary format for a request address is discussed in further detail in relation to FIGS. 2A and 2B .
- Embodiments of the present invention may use the request address for validation to prevent malicious attacks directed toward a recipient or recipients. Exemplary embodiments will be discussed in greater detail in FIGS. 4 and 6 - 13 . Embodiments of systems incorporating the present invention will be discussed in relation to FIG. 3 .
- FIGS. 1A-1E are exemplary embodiments of communications paths that may be utilized during SIP-initiated sessions.
- the communications paths may utilize both circuit-switched and packet-switched communications mediums.
- FIG. 1A there is illustrated one embodiment of a communications path 100 .
- a session is initiated by UAs 110 and 112 at end point 1 to a UA 120 at end point 2 .
- three UAs are shown in FIG. 1A , multiple UAs may reside at end points 1 and 2 .
- UAs 110 and 112 communicate with UA 120 through a proxy server 114 and a proxy server 118 .
- communications between UAs at end point 1 and end point 2 take place through a network 116 communications medium, as in, for example, a VoP call using the Internet.
- communications between UAs 110 and 112 and 120 may be routed through an additional proxy server 122 .
- additional proxy server 122 is illustrated in FIG. 1B , communications between UAs 110 , 112 , and 120 may be routed through more than one additional proxy server 122 .
- Communications path 104 differs from communications path 100 in the use of session border controllers (SBC) 126 and 128 that may be located before proxy servers 114 and 118 .
- SBC session border controllers
- An SBC is an interface to a network firewall that facilitates a secure hand-off of voice packets from one network to another network. Further, an SBC controls the communication session as it crosses the border from one network to another. Conventional firewalls secure data streams, but for IP networks, SBCs facilitate secure, real time, multimedia communication.
- a VoP-aware firewall may be used instead of an SBC.
- Path 106 may be a session between UAs 110 , 112 and 120 through network communications medium 116 and a publicly switched telephone network (PSTN) communications medium 132 .
- PSTN publicly switched telephone network
- a session is initiated by UAs 110 and 112 through the Internet to a UA 120 having a plain old telephone (POT).
- POT plain old telephone
- a softswitch 130 is used to hand-off a call from network 116 to PSTN 132 .
- Softswitches are call-control processing devices that can receive call requests for users and assign connections directly between communication devices. Softswitches set up the connections; they do not actually transfer the call data.
- Softswitches were developed to replace existing end office (EO) switches that have limited interconnection capabilities and to transfer the communication path connections from dedicated high-capacity lines to other more efficient packet networks (such as packet data on the Internet). This allows a single softswitch to operate anywhere without the need to be connected to high-capacity trunk connections.
- the session proceeds through a central office (CO) 134 to UA 120 .
- CO central office
- An embodiment of communications path 108 shown in FIG. 1E , illustrates the reverse of FIG. 1D in that UAs 110 and 112 initiate a session through PSTN 132 to UA 120 coupled to network 116 .
- FIG. 2A An exemplary embodiment of a SIP request line 200 is illustrated in FIG. 2A .
- Line 200 comprises a method field 212 ; a request address 210 , which may include a user-information field 214 ; a host field 216 ; a parameters field 218 ; and a headers field 220 .
- the scope of the present invention is not, however, limited to the aforementioned fields.
- SIP is extensible and, thus, other fields not herein enumerated may be included within the scope of the invention.
- SIP protocol is indicated in method field 212 .
- user-information field 214 comprises user-identifier of a particular UA being addressed and a password string separated by a colon.
- user-information field 214 terminates with “@.”
- Exemplary user-information fields 214 are shown in FIG. 2B and include destination addresses resembling e-mail addresses or destination addresses resembling telephone numbers.
- Host field 216 may comprise a host and a port string separated by a colon. The host string is commonly the domain or location of the recipient. The domain may comprise a domain label and a top label. In addition, the domain may comprise a numeric IPv4 or Ipv6 address.
- exemplary host field 218 would be big.com or proxy.big.com or 10.1.2.3.
- the port string is the port number of the domain to which the request of request line 200 is to be sent.
- request address 200 further includes parameters field 218 , which comprises any number of parameter strings such as a transport parameter string, user parameter string, method parameter string, TTL parameter string, and maddr parameter string.
- parameter field 218 is proceeded by a semicolon.
- Transport parameter strings denote the transport mechanism to be used for sending a SIP messages.
- Exemplary transport string include UDP and TCP.
- maddr parameter strings indicate a server address to be contacted for a particular UA identified in the user-information field 214 , overriding the domain address located in the host field 216 .
- TTL parameter strings determine the time-to-live value of a UDP multicast packet and may be limited in use in a situation where the maddr parameter is a multicast address and the transport parameter is UDP.
- FIG. 5 illustrates exemplary embodiments of multiple header fields. As will be discussed below, FIG. 5 further expands on an embodiment of a method of the invention illustrated in FIG. 4 .
- An exemplary header field for step 416 of FIG. 4 is provided to introduce common header fields and will be referenced as header field 416 .
- Header field 416 comprises a request line 416 a , a “To” field 416 b , a “From” field 416 c , a “CSeq” field 416 d , a “Call-ID” field 416 e , a “Max-Forwards” field 416 f , a “Via” field 416 g , and a “Contact” field 416 h .
- “To” field 416 b comprises the address of the recipient of the request and may generally be equivalent to the request address of request line 416 a described in greater detail hereinabove.
- “From” field 416 c comprises the address of the initiator or sender of the request and is used by SIP elements to determine which processing rules to apply, such as whether or not to automatically reject the incoming request.
- “CSeq” field 416 d identifies and orders transactions and may provide sequence data and method data. Method data generally matches that of request line 416 a and sequence data generally comprises a 32-bit unsigned integer.
- “Call-ID” field 416 e comprises a unique identifier to group together a series of messages. The unique identifier should be the same for all requests and responses sent during a session.
- “Max-Forwards” field 416 f comprises a data value that limits the number of hops a message may transit during its so journeyn to its destination. The data value is decremented by one at each hop. If the data value is zero, the message may generate an error response and be rejected at its destination.
- “Via” field 416 g comprises a data value indicating the transport used for the session and the identity of the message's destination location.
- “Contact” field 416 h provides a SIP request address that may be used to contact the initiating UA for subsequent requests. The forgoing fields comprise the most typical fields included in SIP header fields. However, other fields may be present and are described in further detail in RFC 3261.
- SIP INVITE request Incorporated into request line 416 a in header field 416 is a SIP INVITE request.
- SIP requests and responses comprise INVITE, MOVED, ACKnowledge (ACK), OK and BYE, each of which are described in greater detail in RFC 3261.
- INVITE and MOVED request and response An INVITE request may be utilized by an initiating UA to initiate a session with the recipient UA designated in a request line. The recipient UA may either accept the request with an ACK response, or reject the request with, for example, a MOVED response.
- the MOVED response is similar in function to conventional call-forwarding and causes the initiating UA to reissue an INVITE request to the address of the recipient UA identified in the MOVED response.
- a MOVED response to an INVITE request the entire request address from the INVITE request is incorporated into the request line of the MOVED response.
- Some embodiments of the present invention may utilize the INVITE request and MOVED response to prevent malicious attacks.
- the INVITE request and MOVED response are utilized, the present invention should not be construed as being limited to the aforementioned request and response.
- Embodiments of the present invention use SIP message validation for each incoming SIP message, and message validation should not be construed to be limited to INVITE messages.
- the aforementioned fields with the exception of “To” field 416 b , should be equivalent for each session.
- Embodiments of the present invention utilize this nature of SIP to perform message validation.
- FIG. 3 there is illustrated an embodiment of a communications path 300 of the present invention illustrating placement of an intermediary device for validation of SIP messages at points A and B.
- the communications path 300 illustrated in FIG. 3 resembles the communications path 100 of FIG. 1A
- the communications path of FIG. 3 may take the form of any of the communications paths described in FIGS. 1A through 1E .
- An intermediary point for validation of SIP-compliant messages may take the form of a software integrated in an existing device as in Proxy 318 at point B, a dedicated denial of service device (DOS) at point A, such as those manufactured by Riverhead (now Cisco)TM, or a hardware component dedicated for the purpose of validation.
- DOS dedicated denial of service device
- an embodiment of an intermediary validation component may comprise all or a combination of the integrated software and hardware components located at points A and B.
- An intermediary validation component according to an embodiment of the present invention should be positioned, either logically or physically, in a network arrangement ( FIGS. 1A-1E ) so as to receive messages incoming to a recipient UA.
- Method 400 comprises an initiating UA 410 , an intermediary validation point 412 , and a recipient UA 414 .
- intermediary validation point 412 may be either integrated into an existing device or operate as a stand-alone device.
- initiating UA 410 sends an INVITE request to recipient UA 414 through a network.
- the syntax of an exemplary INVITE request is illustrated in FIG. 5 as INVITE request 416 .
- the various fields that comprise INVITE request 416 have been described above.
- intermediary validation component 412 receives the incoming INVITE request before the request reaches the recipient UA.
- intermediary validation component 412 amends the INVITE message's request address and incorporates the amended address into a MOVED message.
- the MOVED message is relayed to the initiating UA 410 .
- the syntax of an exemplary MOVED message is illustrated in FIG. 5 as MOVED message 420 .
- the various fields comprising MOVED message 420 are substantially similar to that of INVITE message 416 , with the exception of “Contact” field 420 h , which comprises the amended request address.
- an additional field must also be amended or modified.
- the additional field may be any or a combination of user-information, host or headers field of a request line.
- the reissued INVITE message comprises the amended address which was imbedded in “Contact” field 420 h of MOVED message 420 .
- intermediary point 412 receives the reissued INVITE message and if the amended address is present, the reissued invite message is forwarded to the recipient UA 414 at a step 428 .
- the recipient UA accepts the reissued INVITE message by returning an “OK” message and at a step 434 the initiating UA 410 acknowledges initiation of the session with the “ACK” message.
- initiating UA 410 communicates with recipient UA 414 , using, for example, RTP.
- the session at step 438 is terminated at steps 440 and 442 with a “BYE” message.
- an intermediary validation component awaits an incoming SIP message from an initiating UA. After receipt of an incoming SIP message, the intermediary validation component determines if the message is properly encoded at a step 612 . In some embodiments, an intermediary validation component determines whether the message is properly encoded by accessing a data structure comprising relational data between a characteristic of an initial INVITE message and a code (also termed a hash). The relational data may be based on, for example, the “Call-ID,” “From,” or “Cseq” fields of a header field of an initial INVITE message.
- the relational data may be based on any characteristic capable of linking a set of messages pertaining to a particular call.
- the data structure may comprise either a database, server, look-up table, workstation, or any other data storage device.
- a code may be either unique to a particular call or, in other embodiments, be used more than once.
- the intermediary validation component encodes the message at a step 618 and requests the initiating UA to return a properly encoded message.
- exemplary embodiments for encoding are illustrated in FIGS. 7-13 .
- encoding comprises modifying or amending some aspect of an initial INVITE message in a manner so as to validate subsequent messages stemming from the initial INVITE message based upon the amendment or modification.
- FIGS. 7-13 there is illustrated several exemplary embodiments for generating a properly encoded message in step 618 of FIG. 6 .
- FIGS. 7-10 illustrate various aspects of an embodiment in which a request address is amended with additional data (the hash).
- the additional data is added to a field having null data. Further, it is desirable that the additional data or hash does not conflict with predefined fields or strings commonly used in the request address.
- an INVITE message is received by the intermediary validation component from the initiating UA, and a request address is extracted from the message at a step 618 b .
- a hash is derived at a step 618 c and inserted into a parameters field of the extracted request address at a step 618 d .
- another field such as a user-information, host, or headers field of the request address is amended or modified.
- a message having the hash in the initial request address is returned to the initiating UA at a step 618 e .
- the intermediary validation component awaits a reissued INVITE request with the properly located hash at a step 618 f .
- a hash is derived and inserted into a parameters field at a step 618 j .
- a hash is derived and inserted into a user-information field at a step 618 q and in FIG. 10 , a hash is derived for either each parameter and header field or both and inserted therein at a step 618 v.
- FIGS. 11-13 illustrate various aspects of an embodiment in which a request address is modified with additional data.
- FIG. 11 illustrates a modification of a password string of a user-information field of a request address at a step 618 ae .
- FIG. 12 illustrates a modification of a host field of a request address at a step 618 al .
- the initiating UA reissues an INVITE message to a new host.
- the intermediary validation component of FIG. 6 may forward the message through the new host.
- the intermediary validation component may access the data structure comprising the relational data and forward the message to the original host.
- a user-information field of a request address is modified by a hash and returned to the initiating UA at a step 618 as.
- the intermediary validation component at step 612 in FIG. 6 accesses the relational database to determine the original user information upon receipt of a reissued INVITE request having the hash in the user-information field.
- the original user information is determined and the message is forwarded to the recipient UA.
Abstract
Description
Claims (14)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/626,509 US8553700B1 (en) | 2004-12-02 | 2009-11-25 | Method and system for facilitating packet-based communications |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/003,816 US7681038B1 (en) | 2004-12-02 | 2004-12-02 | Method and system for facilitating packet-based communications |
US12/626,509 US8553700B1 (en) | 2004-12-02 | 2009-11-25 | Method and system for facilitating packet-based communications |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/003,816 Continuation US7681038B1 (en) | 2004-12-02 | 2004-12-02 | Method and system for facilitating packet-based communications |
Publications (1)
Publication Number | Publication Date |
---|---|
US8553700B1 true US8553700B1 (en) | 2013-10-08 |
Family
ID=41819636
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/003,816 Active 2029-01-13 US7681038B1 (en) | 2004-12-02 | 2004-12-02 | Method and system for facilitating packet-based communications |
US12/626,509 Active 2026-09-03 US8553700B1 (en) | 2004-12-02 | 2009-11-25 | Method and system for facilitating packet-based communications |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/003,816 Active 2029-01-13 US7681038B1 (en) | 2004-12-02 | 2004-12-02 | Method and system for facilitating packet-based communications |
Country Status (1)
Country | Link |
---|---|
US (2) | US7681038B1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100079784A1 (en) * | 2008-09-30 | 2010-04-01 | James Jackson | Dynamic facsimile transcoding in a unified messaging platform |
US9749296B1 (en) * | 2006-06-30 | 2017-08-29 | Avaya Inc. | Method and apparatus for modifying address information in signaling messages to ensure in-path devices remain in signaling path between endpoints |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8098594B2 (en) * | 2009-06-10 | 2012-01-17 | Verizon Patent And Licensing Inc. | Dynamic SIP max-hop setup for IMS |
US8719926B2 (en) * | 2011-02-11 | 2014-05-06 | Verizon Patent And Licensing Inc. | Denial of service detection and prevention using dialog level filtering |
US9961059B2 (en) * | 2014-07-10 | 2018-05-01 | Red Hat Israel, Ltd. | Authenticator plugin interface |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030217165A1 (en) * | 2002-05-17 | 2003-11-20 | Microsoft Corporation | End-to-end authentication of session initiation protocol messages using certificates |
US20040105433A1 (en) * | 2002-12-02 | 2004-06-03 | Cheong-Jeong Seo | Terminal registration method using session initiation protocol |
US20060026288A1 (en) * | 2004-07-30 | 2006-02-02 | Arup Acharya | Method and apparatus for integrating wearable devices within a SIP infrastructure |
US7184418B1 (en) * | 1999-10-22 | 2007-02-27 | Telcordia Technologies, Inc. | Method and system for host mobility management protocol |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6389279B1 (en) * | 1999-11-16 | 2002-05-14 | Lucent Technologies Inc. | Method and apparatus providing call redirection for subsequent call events in a telephone communications system |
US7006508B2 (en) * | 2000-04-07 | 2006-02-28 | Motorola, Inc. | Communication network with a collection gateway and method for providing surveillance services |
US7684565B2 (en) * | 2001-01-16 | 2010-03-23 | General Instrument Corporation | System for securely communicating information packets |
US7512970B2 (en) * | 2004-07-15 | 2009-03-31 | Cisco Technology, Inc. | Host credentials authorization protocol |
US7461400B2 (en) * | 2004-12-22 | 2008-12-02 | At&T Intellectual Property, I,L.P. | Methods, systems, and computer program products for providing authentication in a computer environment |
-
2004
- 2004-12-02 US US11/003,816 patent/US7681038B1/en active Active
-
2009
- 2009-11-25 US US12/626,509 patent/US8553700B1/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7184418B1 (en) * | 1999-10-22 | 2007-02-27 | Telcordia Technologies, Inc. | Method and system for host mobility management protocol |
US20030217165A1 (en) * | 2002-05-17 | 2003-11-20 | Microsoft Corporation | End-to-end authentication of session initiation protocol messages using certificates |
US20040105433A1 (en) * | 2002-12-02 | 2004-06-03 | Cheong-Jeong Seo | Terminal registration method using session initiation protocol |
US20060026288A1 (en) * | 2004-07-30 | 2006-02-02 | Arup Acharya | Method and apparatus for integrating wearable devices within a SIP infrastructure |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9749296B1 (en) * | 2006-06-30 | 2017-08-29 | Avaya Inc. | Method and apparatus for modifying address information in signaling messages to ensure in-path devices remain in signaling path between endpoints |
US20100079784A1 (en) * | 2008-09-30 | 2010-04-01 | James Jackson | Dynamic facsimile transcoding in a unified messaging platform |
US8711857B2 (en) * | 2008-09-30 | 2014-04-29 | At&T Intellectual Property I, L.P. | Dynamic facsimile transcoding in a unified messaging platform |
Also Published As
Publication number | Publication date |
---|---|
US7681038B1 (en) | 2010-03-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7412521B2 (en) | End-point identifiers in SIP | |
Saint-Andre | Extensible messaging and presence protocol (XMPP): Core | |
Rosenberg et al. | RFC3261: SIP: session initiation protocol | |
Jennings et al. | Managing Client-Initiated Connections in the Session Initiation Protocol (SIP) | |
Saint-Andre | RFC 6120: extensible messaging and presence protocol (XMPP): core | |
Rosenberg et al. | SIP: session initiation protocol | |
US8464329B2 (en) | System and method for providing security for SIP-based communications | |
US8200827B1 (en) | Routing VoIP calls through multiple security zones | |
US20020120760A1 (en) | Communications protocol | |
US7509425B1 (en) | Establishing and modifying network signaling protocols | |
US7568224B1 (en) | Authentication of SIP and RTP traffic | |
US7792065B2 (en) | Securely establishing sessions over secure paths | |
US7653938B1 (en) | Efficient cookie generator | |
US8553700B1 (en) | Method and system for facilitating packet-based communications | |
US9420018B2 (en) | End-to-end address transfer | |
Petit-Huguenin et al. | Session traversal utilities for NAT (STUN) | |
JP4966376B2 (en) | Loop detection in SIP signaling proxy | |
Patrick | Voice over IP security | |
US11764963B2 (en) | Methods and apparatus for adding and/or providing stir/shaken diversion information | |
Dwivedi | Hacking VoIP: protocols, attacks, and countermeasures | |
US20100146061A1 (en) | session process and system | |
Zhang et al. | Blocking attacks on SIP VoIP proxies caused by external processing | |
WO2007095726A1 (en) | System and method for providing security for sip-based communications | |
Gurbani et al. | Connection Reuse in the Session Initiation Protocol (SIP) | |
WO2008052290A1 (en) | A session process and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: SPRINT COMMUNICATIONS COMPANY L.P., KANSAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:DAWSON, TRAVIS EDWARD;EVANS, MARK;STRALEY, JAY CEE;AND OTHERS;REEL/FRAME:027929/0636 Effective date: 20041202 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
AS | Assignment |
Owner name: DEUTSCHE BANK TRUST COMPANY AMERICAS, NEW YORK Free format text: GRANT OF FIRST PRIORITY AND JUNIOR PRIORITY SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:SPRINT COMMUNICATIONS COMPANY L.P.;REEL/FRAME:041895/0210 Effective date: 20170203 |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
AS | Assignment |
Owner name: SPRINT COMMUNICATIONS COMPANY L.P., KANSAS Free format text: TERMINATION AND RELEASE OF FIRST PRIORITY AND JUNIOR PRIORITY SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:052969/0475 Effective date: 20200401 Owner name: DEUTSCHE BANK TRUST COMPANY AMERICAS, NEW YORK Free format text: SECURITY AGREEMENT;ASSIGNORS:T-MOBILE USA, INC.;ISBV LLC;T-MOBILE CENTRAL LLC;AND OTHERS;REEL/FRAME:053182/0001 Effective date: 20200401 |
|
AS | Assignment |
Owner name: T-MOBILE INNOVATIONS LLC, KANSAS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:SPRINT COMMUNICATIONS COMPANY L.P.;REEL/FRAME:055604/0001 Effective date: 20210303 |
|
MAFP | Maintenance fee payment |
Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY Year of fee payment: 8 |
|
AS | Assignment |
Owner name: SPRINT SPECTRUM LLC, KANSAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001 Effective date: 20220822 Owner name: SPRINT INTERNATIONAL INCORPORATED, KANSAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001 Effective date: 20220822 Owner name: SPRINT COMMUNICATIONS COMPANY L.P., KANSAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001 Effective date: 20220822 Owner name: SPRINTCOM LLC, KANSAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001 Effective date: 20220822 Owner name: CLEARWIRE IP HOLDINGS LLC, KANSAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001 Effective date: 20220822 Owner name: CLEARWIRE COMMUNICATIONS LLC, KANSAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001 Effective date: 20220822 Owner name: BOOST WORLDWIDE, LLC, KANSAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001 Effective date: 20220822 Owner name: ASSURANCE WIRELESS USA, L.P., KANSAS Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001 Effective date: 20220822 Owner name: T-MOBILE USA, INC., WASHINGTON Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001 Effective date: 20220822 Owner name: T-MOBILE CENTRAL LLC, WASHINGTON Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001 Effective date: 20220822 Owner name: PUSHSPRING, LLC, WASHINGTON Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001 Effective date: 20220822 Owner name: LAYER3 TV, LLC, WASHINGTON Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001 Effective date: 20220822 Owner name: IBSV LLC, WASHINGTON Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:DEUTSCHE BANK TRUST COMPANY AMERICAS;REEL/FRAME:062595/0001 Effective date: 20220822 |